Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
South Korean authorities believe North Korea’s Lazarus Group carried out the Upbit hack, while Solana-based tokens were quickly converted to Ethereum in 185 wallets within hours.
The hack happened as Dunamu, Upbit’s parent company, announced a historic $10.3 billion merger with Naver. This coincidence has created uncertainty for both companies amid ongoing investigations and regulatory pressures.
Sponsored
Sponsored
Authorities suspect the North Korean-backed Lazarus Group
Authorities are investigating The Upbit hack worth 44.5 billion won ($30 million) has been identified as a possible operation by North Korea’s Lazarus Group. The attack reused the 2019-style hot pot hack, with jumping and shuffling activities suggesting a deliberate wash. Financial regulators and the Korea Internet and Security Agency (KISA) visited Dunamu’s headquarters and began urgent on-site inspections to assess damage and security failures.
The Upbit hack exposed advanced cross-chain money laundering techniques. been analyzed Data on the chain on November 28 It was found that the attacker replaced 24 Solana-based tokens with WSOL (Wrapper Solana) andSOL Before spreading funds in 185 wallets. The attacker quickly funneled the stolen assets through the chains and converted them into ETH, collecting over $1.6 million after emptying Upbit’s hot wallet.
Market observers noted the complexity of the process. An analyst said He continues Fund movements in Real time Bridging activity through Allbridge created arbitrage gaps due to weak liquidity pools. Each transfer of $200,000 to $300,000 left visible traces for those who closely follow blockchain flows.
Ongoing sanctions complicate the future
The hack adds to Dunamu’s ongoing regulatory woes. Before November, The Financial Intelligence Unit (FIU) imposes The Korea Financial Services Commission fined the stock exchange operator a record 35.2 billion won ($26.5 million) for violating reporting requirements and using specific financial transaction information. This is the heaviest penalty ever imposed on a crypto company by the FIU.
These violations included the failure to conduct customer due diligence 5.3 million times, the failure to block 3.3 million unauthorized transactions, and 15 unreported suspicious activities. In addition to the fine, the organizers impose Partial suspension of business for three months They reprimanded nine leaders. Donamo has filed an appeal against the suspension, with the next trial date set for next week.
Sponsored
Sponsored
The sanctions froze the renewal of virtual asset service provider (VASP) licenses for more than a year. All the main twenty Korean trading exchanges including Abbitis now operating on extended licenses while Donamo awaits the outcome of his case. Under Korean law, the usual three-year renewal process remains deferred until the sanctions are resolved. This stalemate affects the entire Korean cryptocurrency sector.
Industry experts point out that the potential suspension of activities may prevent Donamo from entering new projects independently. However, a merger with Naver may provide a way forward. With the acquisition of Navir, Donamo will be able to access new markets despite the immediate regulatory barriers.
But the hack complicates the situation. If the internal failures are confirmed, Donamo may face additional sanctions. Such penalties can make it more difficult to renew your VASP license. Conversely, if the involvement of Lazarus is confirmed, Abbet can receive a partial exoneration, as she did. After the attack six years ago. This case came to a conclusion only after five years. A similar timeline could delay regulatory decisions this time around as well.
Study the authorities Possible failures in internal control. Donamo temporarily suspended all deposits and withdrawals on Upbit, began conducting internal security checks, and committed to working with analytics firms and law enforcement agencies to freeze stolen assets. The company is also committed to fully compensating customers for their losses.
The merger aims for next-generation financial infrastructure, but faces obstacles
The announcement of the merger – on the same day as the Upbit hack – is causing growing skepticism. At a press conference held Nov. 27 at Naver’s headquarters in Seongnam, executives unveiled plans to merge the companies in an all-stock deal worth $10.3 billion. The deal will issue 87.56 million new Navir shares and aims to achieve three main objectives.
First, the new company intends to design a next-generation financial infrastructure to diversify revenue beyond exchanges. Second, plan To address new payment needs by issuing and exchanging a stablecoin backed by the Korean wonLocal and international settlements. Third, the entity will pursue global expansion by integrating Donamo’s blockchain expertise with Naver’s broad user base in Asia.
The combined entity hopes to use blockchain and Web3 technology, as well as artificial intelligence. The massive reach of Naver’s platform, including Line Messenger, could drive rapid international growth, which most blockchain startups struggle to achieve. Executives have also raised the possibility of seeking a Nasdaq listing in the United States, but only if shareholder value can be demonstrated.
Once again, the hacker introduces new complications. Regulators may now scrutinize Donamo’s security measures more closely as part of the merger review. The case also raises concerns about whether Never Group can continue with the acquisition amid active criminal and regulatory investigations. Other market changes, such as Binance’s recent acquisition of the Jobex exchange, are also shaping the regulatory landscape.
If Donamo’s case to renew its VASP license is resolved, reviews could resume for all platforms, potentially ending the impasse that has stopped the industry for more than a year. The outcome of legal proceedings and investigations following a breach may determine whether the merger will go smoothly or face delays and restructuring.
